Cities of the Future, Part 3: Cloud Quandaries

When there's a data breach or the data of city residents is used for marketing purposes without their consent, who is responsible? Can the city enforce its contract with the vendor? If a large corporation misuses its position of trust as a cloud service or computer service provider, what recourse will small, often cash-strapped cities or townships have?

By Richard Adhikari
04/06/10 5:00 AM PT

Part 1 of this series discusses the different approaches being taken to design more efficient urban landscapes.
Part 2 addresses the need for designers to take moral and ethical issues into account.

Cities, like other large organizations, will move increasingly toward virtualization and the cloud in order to save money on infrastructure.

Federal government users of Google Enterprise include the Departments of Education, Energy, and the Treasury; the Food and Drug Administration; the U.S. Army; and the Coast Guard.

The move by city governments toward the cloud hasn't been all smooth. Take the city of Los Angeles, for example. In October 2009, the L.A. City Council voted to outsource its email system to Google after more than two hours of debate during which several members questioned whether or not there would be any real cost savings, and whether the system would be sufficiently secure. Some feared Los Angeles would be making itself a guinea pig for Google.

The contract was approved, pending an amendment that required Google to compensate the city in the event the email system was breached and city data exposed or stolen. That clause was not in the original contract.

Tackling Possible Problems

Google's exclusion of a clause for compensation in its contract with Los Angeles could be construed as sharp negotiating -- but what about the lives that would be affected? Since the L.A. email serves all the city's 30,000 employees, what will happen if some of them fail to receive crucial emails that impact residents' lives?

Take for example the case of Doris Temple, an 85-year-old Navy veteran whom the Social Security Administration
mistakenly declared deceased back in January.

Temple lost her health insurance and thousands of dollars in Social Security benefits and other income. She couldn't get utilities turned on when she rented an apartment because dead people don't have credit scores. It took weeks of effort on the part of Temple and her son to remedy the situation, which was probably due to an error in Social Security Administration records.

Could similar mistakes occur in cities whose applications are all linked together? Or, perhaps, a city's systems might overbill residents for utilities because of a computer glitch. When situations like these arise, how would they be rectified?

"People would have to file a complaint and wait indefinitely for someone to get back to them," Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld.

To minimize the incidence of such problems, city planners and their computer vendors would need to anticipate them and devise methods for resolving discrepancies.

Where Does the Buck Stop?

When problems occur in cities with automated programs, who's responsible? The city administrators who approved the systems or the vendors who created them? How will a city's residents be compensated for the impact these problems have on their lives? Who will compensate them?

Vendors are not likely to step up to the plate; their solutions are designed to keep things running efficiently.

"IBM solutions are designed and developed to minimize the effects of things like power loss," said Dom Cottone, IBM's region executive for the public sector.

"IBM consultants also work with clients to uncover vulnerabilities in their infrastructures that could be potentially devastating for the businesses if there were a flood, ice storm or other disaster," he told TechNewsWorld.

Not a word about the human costs. That's fair enough, because the business of a corporation is to turn a profit, not to look after or safeguard anyone's welfare -- a fact that administrators of cities that want to computerize all their applications should recognize.

City administrators should ask questions like these: Who owns the data when it's in the computer vendor's cloud? How can cities ensure the enterprises running their cloud services don't use the data for marketing or other purposes? If something goes wrong, what redress do the cities have?

It'll all be in the contract, Jack Vonder Heide, president of
Technology Briefing Centers, pointed out. "The contract with the vendor will lay out data protection and use standards," he told TechNewsWorld.

That's not an ironclad guarantee. "There's always the possibility that the actions of a rogue vendor employee could corrupt the intent of the agreement," Vonder Heide said.

If such a rogue employee were discovered, would the computer vendor turn the suspect over to the city government for prosecution? Or would the suspect be quietly reassigned and the problem covered up?

That's what happened at Moody's, the second-largest rating company in the United States, where executives
covered up a computer error that gave top rankings to unqualified securities. The company only began an investigation after the situation was exposed in press reports.

Important Issues

The possibility of a rogue employee at a vendor is a relatively minor issue; more importantly, vendors have yet to adequately tackle the question of security.

"We're still struggling with getting hold of this concept," Phil Dunkelberger, president and CEO of
PGP, said in a keynote speech at RSA 2010 in San Francisco last month.

When there's a data breach or the data of city residents is used for marketing purposes without their consent, who is responsible? Can the city enforce its contract with the vendor? If a large corporation misuses its position of trust as a cloud service or computer service provider, what recourse will small, often cash-strapped cities or townships have?

"They won't have much recourse in civil court," Vonder Heide said. "However, the vendor could be subject to criminal prosecution if laws are broken."

No one apparently knows how to tackle the human dimension of the problem -- how to compensate those whose lives have been impacted by technology glitches or failures.

Perhaps IBM's Cottone summed up the present approach best: "IBM has more than 150 business continuity and resiliency centers around the world that allow companies to continue business operations under the most challenging circumstances, like a natural or man-made disaster," he said.
"The facilities provide technology hosting services to clients, allowing them to not only store valuable data at the secure data center, but also to continue to work from wherever they have access to a computing device and Internet connection."